Context Navigation

source: roaraudio/libroar/auth.c @ 5144:9126d33415d7

Visit:

Last change on this file since 5144:9126d33415d7 was 5144:9126d33415d7, checked in by phi, 13 years ago
corrected stream ID, set it to -1 if unused.
File size: 12.1 KB

Line
1	//auth.c:
2
3	/*
4	* Copyright (C) Philipp 'ph3-der-loewe' Schafft - 2008-2011
5	*
6	* This file is part of libroar a part of RoarAudio,
7	* a cross-platform sound system for both, home and professional use.
8	* See README for details.
9	*
10	* This file is free software; you can redistribute it and/or modify
11	* it under the terms of the GNU General Public License version 3
12	* as published by the Free Software Foundation.
13	*
14	* libroar is distributed in the hope that it will be useful,
15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17	* GNU General Public License for more details.
18	*
19	* You should have received a copy of the GNU General Public License
20	* along with this software; see the file COPYING. If not, write to
21	* the Free Software Foundation, 51 Franklin Street, Fifth Floor,
22	* Boston, MA 02110-1301, USA.
23	*
24	* NOTE for everyone want's to change something and send patches:
25	* read README and HACKING! There a addition information on
26	* the license of this document you need to read before you send
27	* any patches.
28	*
29	* NOTE for uses of non-GPL (LGPL,...) software using libesd, libartsc
30	* or libpulse*:
31	* The libs libroaresd, libroararts and libroarpulse link this lib
32	* and are therefore GPL. Because of this it may be illegal to use
33	* them with any software that uses libesd, libartsc or libpulse*.
34	*/
35
36	#include "libroar.h"
37
38	/* How auth works:
39	* 0) set stage to zero
40	* 1) get server address and local node name (from uname())
41	* 2) look up authfile/authdb/authservice for the server+local address + stage.
42	* if no data was found send NONE-Auth.
43	* 3) send data to server
44	* 4) read answer from server
45	* 5) if stage of server response is non-zero increment stage to server stage+1
46	* and repeat from step 2)
47	* 6) check if we got an OK or an ERROR, return correct value
48	*/
49
50	/* The protocol:
51	* Auth request:
52	* Byte 0: auth type
53	* Byte 1: stage
54	* Byte 2: reserved (must be zero)
55	* Byte 3: reserved (must be zero)
56	* Byte 4-end: auth type depending data.
57	*
58	* If no data is to be send bytes 2 and 3 can be omitted.
59	* If no data is to be send and stage is zero bytes 1, 2 and 3 can be omitted.
60	*
61	* Auth response:
62	* The same as the auth request.
63	* if the server sends an zero size message back it means the server accepted our connection
64	* and no additional stage is needed.
65	* if the message type is OK the server accepted our auth.
66	* if the message type is ERROR the server rejected us. we may try other auth methods.
67	* if the server accepted our data and the stage is non-zero we need to continue with the next
68	* stage of the auth.
69	* if the server rejected us the auth type value of the response is a suggested next auth type
70	* we should try if possible. This may help the client to find a working auth type.
71	*/
72
73	/* The protocol by auth type:
74	*
75	* --- NONE:
76	* No data is send, the server accepts the connect or rejects it depending on some
77	* magic within the server. we do not care about this.
78	* The data block is not used.
79	*
80	* --- COOKIE:
81	* We send cookies for all stages the server ask us to provide a cookie.
82	* if a cookie is wrong the server rejects us or asks us for another.
83	* The cookie is send as binary data in the data block.
84	*
85	* --- TRUST:
86	* We ask the server to auth us based on our UID/GID/PID.
87	* The server may reject this because we are not allowed or because it is not
88	* supported by the transport.
89	* If we get rejected we may try to continue with IDENT then RHOST before we use NONE.
90	* The data block is not used.
91	*
92	* --- PASSWORD:
93	* This is technically the same as COOKIE just that the cookie is limited to
94	* printable ASCII chars and that the user should be asked to provide the password.
95	* This may be done via a GUI popup window.
96	*
97	* --- SYSUSER:
98	* We provide a Username + Password for a system user.
99	* The data block contains of two main parts:
100	* The first part is a one byte long subtype.
101	* The value must be 0x01 for username+password.
102	* future versions may define other types.
103	* the second part is the actual data block.
104	* for username+password it is splited into two fields, both terminated with \0.
105	* the first is the username the last one the password as clear text.
106	* Example: char data[] = "\001MyUser\0MyPassword\0";
107	*
108	* --- OPENPGP_SIGN:
109	*
110	* --- OPENPGP_ENCRYPT:
111	*
112	* --- OPENPGP_AUTH:
113	*
114	* --- KERBEROS:
115	* We use Kerberos to auth.
116	*
117	* --- RHOST:
118	* The server is asked to auth us based on our source address.
119	* The data block is not used.
120	*
121	* --- XAUTH:
122	* We send an X11 Cookie.
123	*
124	* --- IDENT:
125	* The server is asked to auth us based on our source address using the IDENT protocol.
126	* The data block is not used.
127	*
128	*/
129
130	static int roar_auth_ask_server (struct roar_connection * con, struct roar_auth_message * authmes) {
131	struct roar_error_frame error_frame;
132	struct roar_message mes;
133	char * header = mes.data;
134	int ret;
135	char * data = NULL;
136
137	memset(&mes, 0, sizeof(struct roar_message)); // make valgrind happy!
138
139	mes.cmd = ROAR_CMD_AUTH;
140	mes.stream = -1;
141	mes.datalen = 4 + authmes->len;
142
143	if ( mes.datalen > sizeof(mes.data) ) {
144	data = malloc(mes.datalen);
145	if ( data == NULL )
146	return -1;
147
148	header = data;
149	}
150
151	header[0] = authmes->type;
152	header[1] = authmes->stage;
153	header[2] = authmes->reserved.c[0];
154	header[3] = authmes->reserved.c[1];
155
156	if ( authmes->len ) {
157	if ( data == NULL ) {
158	memcpy(mes.data + 4, authmes->data, authmes->len);
159	} else {
160	memcpy(data + 4, authmes->data, authmes->len);
161	}
162	}
163
164	if ( (ret = roar_req(con, &mes, &data)) == -1 ) {
165	authmes->type = -1;
166	return -1;
167	}
168
169	if ( data != NULL ) {
170	header = data;
171	} else {
172	header = mes.data;
173	}
174
175	if ( mes.cmd != ROAR_CMD_OK ) {
176	if ( data != NULL ) {
177	// we currently do not support long error frames.
178	free(data);
179	return -1;
180	}
181
182	ret = -1;
183	if ( roar_err_parsemsg(&mes, &error_frame) == -1 ) {
184	authmes->type = -1;
185	return -1;
186	}
187
188	header = error_frame.data;
189	mes.datalen = error_frame.datalen;
190	}
191
192	if ( mes.datalen < 4 ) {
193	memset(header+mes.datalen, 0, 4-mes.datalen);
194	authmes->type = -1;
195	} else {
196	authmes->type = header[0];
197	}
198
199	authmes->stage = header[1];
200	authmes->reserved.c[0] = header[2];
201	authmes->reserved.c[1] = header[3];
202
203	if ( data != NULL )
204	free(data);
205
206	return ret;
207	}
208
209	static void roar_auth_mes_init(struct roar_auth_message * authmes, int type) {
210	memset(authmes, 0, sizeof(struct roar_auth_message));
211
212	authmes->type = type;
213	authmes->stage = 0;
214	authmes->data = NULL;
215	authmes->len = 0;
216	}
217
218
219	static int try_password (struct roar_connection * con, int * next) {
220	struct roar_message mes;
221	struct roar_auth_message authmes;
222	char * pw;
223
224	// TODO: add support for *next.
225
226	roar_auth_mes_init(&authmes, ROAR_AUTH_T_PASSWORD);
227
228	if ( roar_passwd_simple_ask_pw(&pw, "Password for RoarAudio Server?", NULL) == -1 ) {
229	return -1;
230	}
231
232	authmes.len = strlen(pw);
233
234	if ( roar_auth_init_mes(&mes, &authmes) == -1 ) {
235	roar_mm_free(pw);
236	return -1;
237	}
238
239	// do not use strcpy() because that would copy \0, too.
240	memcpy(authmes.data, pw, authmes.len);
241
242	roar_mm_free(pw);
243
244	if ( roar_req(con, &mes, NULL) == -1 )
245	return -1;
246
247	if ( mes.cmd != ROAR_CMD_OK )
248	return -1;
249
250	if ( roar_auth_from_mes(&authmes, &mes, NULL) == -1 )
251	return -1;
252
253	if ( authmes.stage == 0 )
254	return 0;
255
256	return -1;
257	}
258
259	static int try_cookie (struct roar_connection * con, int * next) {
260	struct roar_libroar_config * config = roar_libroar_get_config();
261	struct roar_auth_message authmes;
262	struct roar_authfile * authfile;
263	struct roar_authfile_key * key;
264	int idx;
265	int done = 0;
266
267	roar_auth_mes_init(&authmes, ROAR_AUTH_T_COOKIE);
268
269	if ( (authfile = roar_authfile_open(ROAR_AUTHFILE_TYPE_AUTO, config->authfile, 0, ROAR_AUTHFILE_VERSION_AUTO)) == NULL )
270	return -1;
271
272	for (idx = 0; !done; idx++) {
273	if ( (key = roar_authfile_lookup_key(authfile, ROAR_AUTH_T_COOKIE, idx, NULL)) == NULL )
274	break;
275
276	authmes.data = key->data;
277	authmes.len = key->len;
278
279	if ( roar_auth_ask_server(con, &authmes) != -1 )
280	done = 1;
281
282	roar_authfile_key_unref(key);
283	}
284
285	roar_authfile_close(authfile);
286
287	return done ? 0 : -1;
288	}
289
290	#define _EOL ROAR_AUTH_T_AUTO
291	int roar_auth (struct roar_connection * con) {
292	struct roar_auth_message authmes;
293	int ret;
294	int i;
295	int cur, next;
296	int done;
297	int ltt[] = {
298	ROAR_AUTH_T_TRUST,
299	ROAR_AUTH_T_IDENT,
300	ROAR_AUTH_T_RHOST,
301	// ROAR_AUTH_T_PASSWORD,
302	ROAR_AUTH_T_COOKIE,
303	ROAR_AUTH_T_NONE,
304	_EOL
305	};
306
307	for (i = 0; ltt[i] != _EOL; i++) {
308	next = ltt[i];
309	while (next != -1) {
310	done = 1;
311
312	cur = next;
313	next = -1;
314
315	switch (cur) {
316	case ROAR_AUTH_T_PASSWORD:
317	if ( (ret = try_password(con, &next)) == -1 )
318	done = 0;
319	break;
320	case ROAR_AUTH_T_TRUST:
321	case ROAR_AUTH_T_IDENT:
322	case ROAR_AUTH_T_RHOST:
323	case ROAR_AUTH_T_NONE:
324	roar_auth_mes_init(&authmes, ltt[i]);
325	if ( (ret = roar_auth_ask_server(con, &authmes)) == -1 )
326	done = 0;
327
328	next = authmes.type;
329	break;
330	case ROAR_AUTH_T_COOKIE:
331	if ( (ret = try_cookie(con, &next)) == -1 )
332	done = 0;
333	break;
334	break;
335	default: /* Bad error! */
336	return -1;
337	break;
338	}
339
340	if ( authmes.stage != 0 )
341	done = 0;
342
343	if ( done )
344	return 0;
345	}
346	}
347
348	return -1;
349	}
350
351
352	int roar_auth_from_mes(struct roar_auth_message * ames, struct roar_message * mes, void * data) {
353	void * ibuf;
354	char header[4] = {0, 0, 0, 0};
355
356	if ( ames == NULL \|\| mes == NULL )
357	return -1;
358
359	if ( data != NULL ) {
360	ibuf = data;
361	} else {
362	ibuf = mes->data;
363	}
364
365	memset(ames, 0, sizeof(struct roar_auth_message));
366
367	memcpy(header, ibuf, mes->datalen < 4 ? mes->datalen : 4);
368
369	ames->type = header[0];
370	ames->stage = header[1];
371	ames->reserved.c[0] = header[2];
372	ames->reserved.c[1] = header[3];
373
374	if ( mes->datalen > 4 ) {
375	ames->data = ibuf + 4;
376	ames->len = mes->datalen - 4;
377	} else {
378	ames->data = NULL;
379	ames->len = 0;
380	}
381
382	return 0;
383	}
384
385	int roar_auth_to_mes(struct roar_message * mes, void ** data, struct roar_auth_message * ames) {
386	char * obuf;
387
388	if ( mes == NULL \|\| ames == NULL )
389	return -1;
390
391	if ( data != NULL )
392	*data = NULL;
393
394	memset(mes, 0, sizeof(struct roar_message));
395
396	mes->cmd = ROAR_CMD_AUTH;
397
398	if ( (ames->len + 4) > sizeof(mes->data) ) {
399	*data = malloc(ames->len + 4);
400	if ( *data == NULL )
401	return -1;
402	obuf = *data;
403	} else {
404	obuf = mes->data;
405	}
406
407	obuf[0] = ames->type;
408	obuf[1] = ames->stage;
409	obuf[2] = ames->reserved.c[0];
410	obuf[3] = ames->reserved.c[1];
411
412	memcpy(obuf + 8, ames->data, ames->len);
413
414	mes->datalen = ames->len + 4;
415
416	return 0;
417	}
418
419	int roar_auth_init_mes(struct roar_message * mes, struct roar_auth_message * ames) {
420	if ( mes == NULL \|\| ames == NULL )
421	return -1;
422
423	if ( (ames->len + 4) > sizeof(mes->data) )
424	return -1;
425
426	memset(mes, 0, sizeof(struct roar_message));
427
428	mes->cmd = ROAR_CMD_AUTH;
429
430	mes->data[0] = ames->type;
431	mes->data[1] = ames->stage;
432	mes->data[2] = ames->reserved.c[0];
433	mes->data[3] = ames->reserved.c[1];
434
435	ames->data = &(mes->data[4]);
436
437	mes->datalen = ames->len + 4;
438
439	return 0;
440	}
441
442
443
444	// String functions:
445	static struct {
446	int type;
447	const char * name;
448	} _g_authts[] = {
449	// grep ^'#define ROAR_AUTH_T_' auth.h \| while read d t d; do n=$(cut -d_ -f4 <<<$t \| tr A-Z a-z); printf ' {%-28s %-10s},\n' $t, \"$n\"; done
450	{ROAR_AUTH_T_NONE, "none" },
451	{ROAR_AUTH_T_COOKIE, "cookie" },
452	{ROAR_AUTH_T_TRUST, "trust" },
453	{ROAR_AUTH_T_PASSWORD, "password"},
454	{ROAR_AUTH_T_SYSUSER, "sysuser" },
455	{ROAR_AUTH_T_OPENPGP_SIGN, "openpgp" },
456	{ROAR_AUTH_T_OPENPGP_ENCRYPT, "openpgp" },
457	{ROAR_AUTH_T_OPENPGP_AUTH, "openpgp" },
458	{ROAR_AUTH_T_KERBEROS, "kerberos"},
459	{ROAR_AUTH_T_RHOST, "rhost" },
460	{ROAR_AUTH_T_XAUTH, "xauth" },
461	{ROAR_AUTH_T_IDENT, "ident" },
462	{-1, NULL}
463	};
464
465	int roar_str2autht(const char * str) {
466	int i;
467
468	for (i = 0; _g_authts[i].name != NULL; i++)
469	if ( !strcasecmp(_g_authts[i].name, str) )
470	return _g_authts[i].type;
471
472	return -1;
473	}
474
475	const char * roar_autht2str(const int auth) {
476	int i;
477
478	for (i = 0; _g_authts[i].name != NULL; i++)
479	if ( _g_authts[i].type == auth )
480	return _g_authts[i].name;
481
482	return "(UNKNOWN)";
483	}
484
485	//ll

Note: See TracBrowser for help on using the repository browser.

Download in other formats: